{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T19:58:08Z","timestamp":1768420688314,"version":"3.49.0"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030004699","type":"print"},{"value":"9783030004705","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-00470-5_10","type":"book-chapter","created":{"date-parts":[[2018,9,6]],"date-time":"2018-09-06T06:43:19Z","timestamp":1536216199000},"page":"207-227","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":59,"title":["Characterizing Eve: Analysing Cybercrime Actors in a Large Underground Forum"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1036-6359","authenticated-orcid":false,"given":"Sergio","family":"Pastrana","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3037-2684","authenticated-orcid":false,"given":"Alice","family":"Hutchings","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9647-4902","authenticated-orcid":false,"given":"Andrew","family":"Caines","sequence":"additional","affiliation":[]},{"given":"Paula","family":"Buttery","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,7]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Afroz, S., Garg, V., McCoy, D., Greenstadt, R.: Honor among thieves: a common\u2019s analysis of cybercrime economies. In: eCrime Researchers Summit, pp. 1\u201311. IEEE (2013)","DOI":"10.1109\/eCRS.2013.6805778"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Allodi, L.: Economic factors of vulnerability trade and exploitation. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1483\u20131499. ACM (2017)","DOI":"10.1145\/3133956.3133960"},{"key":"10_CR3","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/978-3-642-39498-0_12","volume-title":"The Economics of Information Security and Privacy","author":"R Anderson","year":"2013","unstructured":"Anderson, R., et al.: Measuring the cost of cybercrime. In: B\u00f6hme, R. (ed.) The Economics of Information Security and Privacy, pp. 265\u2013300. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39498-0_12"},{"key":"10_CR4","unstructured":"Antonakakis, M., et al.: Understanding the Mirai Botnet. In: Proceedings of the 26th USENIX Security Symposium, Vancouver, BC, pp. 1093\u20131110 (2017)"},{"issue":"Jan","key":"10_CR5","first-page":"993","volume":"3","author":"DM Blei","year":"2003","unstructured":"Blei, D.M., Ng, A.Y., Jordan, M.I.: Latent dirichlet allocation. J. Mach. Learn. Res. 3(Jan), 993\u20131022 (2003)","journal-title":"J. Mach. Learn. Res."},{"key":"10_CR6","unstructured":"Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: the commoditization of malware distribution. In: Proceedings of the 20th USENIX Security Symposium, Berkeley, CA, USA, p. 13 (2011)"},{"key":"10_CR7","unstructured":"Caines, A., Pastrana, S., Hutchings, A., Buttery, P.: Automatically identifying the function and intent of posts in underground forums. (in submission)"},{"issue":"4","key":"10_CR8","doi-asserted-by":"publisher","first-page":"585","DOI":"10.1145\/2740070.2631464","volume":"44","author":"W Chang","year":"2014","unstructured":"Chang, W., Wang, A., Mohaisen, A., Chen, S.: Characterizing botnets-as-a-service. ACM SIGCOMM Comput. Commun. Rev. 44(4), 585\u2013586 (2014)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"10_CR9","volume-title":"Discovering Statistics Using SPSS","author":"A Field","year":"2005","unstructured":"Field, A.: Discovering Statistics Using SPSS, 2nd edn. SAGE Publications, London (2005)","edition":"2"},{"key":"10_CR10","unstructured":"Franklin, J., Paxson, V., Perrig, A., Savage, S.: An inquiry into the nature and causes of the wealth of Internet miscreants. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2007)"},{"key":"10_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1007\/978-3-662-47854-7_3","volume-title":"Financial Cryptography and Data Security","author":"V Garg","year":"2015","unstructured":"Garg, V., Afroz, S., Overdorf, R., Greenstadt, R.: Computer-supported cooperative crime. In: B\u00f6hme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 32\u201343. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47854-7_3"},{"issue":"2","key":"10_CR12","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1080\/01639620601131065","volume":"28","author":"TJ Holt","year":"2007","unstructured":"Holt, T.J.: Subcultural evolution? Examining the influence of on- and off-line experiences on deviant subcultures. Deviant Behav. 28(2), 171\u2013198 (2007)","journal-title":"Deviant Behav."},{"key":"10_CR13","unstructured":"Hutchings, A.: Cybercrime trajectories: an integrated theory of initiation, maintenance, and desistance. In: Crime Online: Correlates, Causes, and Context, pp. 117\u2013140. Carolina Academic Press (2016)"},{"issue":"10","key":"10_CR14","doi-asserted-by":"publisher","first-page":"1163","DOI":"10.1080\/01639625.2016.1169829","volume":"37","author":"A Hutchings","year":"2016","unstructured":"Hutchings, A., Clayton, R.: Exploring the provision of online booter services. Deviant Behav. 37(10), 1163\u20131178 (2016)","journal-title":"Deviant Behav."},{"issue":"3","key":"10_CR15","doi-asserted-by":"publisher","first-page":"596","DOI":"10.1093\/bjc\/azu106","volume":"55","author":"A Hutchings","year":"2015","unstructured":"Hutchings, A., Holt, T.J.: A crime script analysis of the online stolen data market. Br. J. Criminol. 55(3), 596\u2013614 (2015)","journal-title":"Br. J. Criminol."},{"key":"10_CR16","first-page":"20","volume":"38","author":"M Karami","year":"2013","unstructured":"Karami, M., McCoy, D.: Rent to PWN: analyzing commodity booter DDoS services. Usenix Login 38, 20\u201323 (2013)","journal-title":"Usenix Login"},{"issue":"2","key":"10_CR17","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1109\/TIT.1982.1056489","volume":"28","author":"S Lloyd","year":"1982","unstructured":"Lloyd, S.: Least squares quantization in PCM. IEEE Trans. Inf. Theory 28(2), 129\u2013137 (1982)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Lusthaus, J., Varese, F.: Offline and local: the hidden face of cybercrime. Polic.: J. Policy Pract. 1\u201311 (2017). advanced access","DOI":"10.1093\/police\/pax042"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Macdonald, M., Frank, R., Mei, J., Monk, B.: Identifying digital threats in a hacker web forum. In: International Conference on Advances in Social Networks Analysis and Mining, pp. 926\u2013933. IEEE\/ACM (2015)","DOI":"10.1145\/2808797.2808878"},{"issue":"2","key":"10_CR20","first-page":"313","volume":"19","author":"MP Marcus","year":"1993","unstructured":"Marcus, M.P., Marcinkiewicz, M.A., Santorini, B.: Building a large annotated corpus of English: the penn treebank. Comput. Linguist. 19(2), 313\u2013330 (1993)","journal-title":"Comput. Linguist."},{"key":"10_CR21","unstructured":"McMillen, D., Alvarez, M.: Mirai IoT botnet: mining for bitcoins? IBM Security Intelligence (2017). https:\/\/perma.cc\/SK2R-C3H7"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Motoyama, M., McCoy, D., Levchenko, K., Savage, S., Voelker, G.M.: An analysis of underground forums. In: Proceedings of the ACM SIGCOMM Conference on Internet Measurement Conference, pp. 71\u201380 (2011)","DOI":"10.1145\/2068816.2068824"},{"key":"10_CR23","unstructured":"National Crime Agency: Pathways into cyber crime (2017). https:\/\/perma.cc\/897P-GZ3R"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Noroozian, A., Korczy\u0144ski, M., Ga\u00f1an, C.H., Makita, D., Yoshioka, K., van Eeten, M.: Who gets the boot? Analyzing victimization by DDoS-as-a-service. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 368\u2013389 (2016)","DOI":"10.1007\/978-3-319-45719-2_17"},{"key":"10_CR25","doi-asserted-by":"crossref","unstructured":"Nunes, E., et al.: Darknet and deepnet mining for proactive cybersecurity threat intelligence. In: Conference on Intelligence and Security Informatics (ISI), pp. 7\u201312. IEEE (2016)","DOI":"10.1109\/ISI.2016.7745435"},{"key":"10_CR26","unstructured":"Overdorf, R., Troncoso, C., Greenstadt, R., McCoy, D.: Under the underground: predicting private interactions in underground forums. arXiv preprint arXiv:1805.04494 (2018)"},{"key":"10_CR27","doi-asserted-by":"crossref","unstructured":"Pastrana, S., Thomas, D.R., Hutchings, A., Clayton, R.: CrimeBB: enabling cybercrime research on underground forums at scale. In: Proceedings of The Web Conference (WWW). ACM (2018)","DOI":"10.1145\/3178876.3186178"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Portnoff, R.S., et al.: Tools for automated analysis of cybercriminal markets. In: Proceedings of 26th International World Wide Web conference (2017)","DOI":"10.1145\/3038912.3052600"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Samtani, S., Chinn, R., Chen, H.: Exploring hacker assets in underground forums. In: International Conference on Intelligence and Security Informatics (ISI), pp. 31\u201336. IEEE (2015)","DOI":"10.1109\/ISI.2015.7165935"},{"issue":"1","key":"10_CR30","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/j.ijcip.2013.01.002","volume":"6","author":"AK Sood","year":"2013","unstructured":"Sood, A.K., Enbody, R.J.: Crimeware-as-a-service: a survey of commoditized crimeware in the underground market. Int. J. Crit. Infrastruct. Prot. 6(1), 28\u201338 (2013)","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"10_CR31","unstructured":"Soska, K., Christin, N.: Measuring the longitudinal evolution of the online anonymous marketplace ecosystem. In: Proceedings of the 24th USENIX Security Symposium (2015)"},{"key":"10_CR32","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1108\/eb026526","volume":"28","author":"K Sp\u00e4rck-Jones","year":"1972","unstructured":"Sp\u00e4rck-Jones, K.: A statistical interpretation of term specificity and its application in retrieval. J. Doc. 28, 11\u201321 (1972)","journal-title":"J. Doc."},{"key":"10_CR33","volume-title":"White Collar Crime: The Uncut Version","author":"EH Sutherland","year":"1949","unstructured":"Sutherland, E.H.: White Collar Crime: The Uncut Version. Yale University Press, New Haven (1949)"},{"key":"10_CR34","doi-asserted-by":"publisher","unstructured":"Thomas, D.R., Clayton, R., Beresford, A.R.: 1000 days of UDP amplification DDoS attacks. In: APWG Symposium on Electronic Crime Research (eCrime). IEEE (2017). https:\/\/doi.org\/10.1109\/ECRIME.2017.7945057","DOI":"10.1109\/ECRIME.2017.7945057"},{"issue":"4","key":"10_CR35","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BF02289263","volume":"18","author":"RL Thorndike","year":"1953","unstructured":"Thorndike, R.L.: Who belongs in the family? Psychometrika 18(4), 267\u2013276 (1953)","journal-title":"Psychometrika"},{"key":"10_CR36","unstructured":"Valeros, V.: A study of RATs: third timeline iteration (2018). https:\/\/perma.cc\/REB5-JFNR"},{"key":"10_CR37","volume-title":"Theoretical Criminology","author":"GB Vold","year":"2002","unstructured":"Vold, G.B., Bernard, T.J., Snipes, J.B.: Theoretical Criminology, 5th edn. Oxford University Press, Inc., New York (2002)","edition":"5"},{"key":"10_CR38","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10796-015-9567-0","volume":"17","author":"X Zhang","year":"2015","unstructured":"Zhang, X., Tsang, A., Yue, W.T., Chau, M.: The classification of hackers by knowledge exchange behaviors. Inf. Syst. Front. 17, 1\u201313 (2015)","journal-title":"Inf. Syst. Front."}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-00470-5_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,23]],"date-time":"2019-10-23T16:37:43Z","timestamp":1571848663000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-00470-5_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030004699","9783030004705"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-00470-5_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}